1. Google will provide a new separate data environment called "GovCloud". The GovCloud will store both applications and data in a completely segregated environment that will only be used by Public Agencies (Federal, State and Local).
2. The GovCloud goal is to build a parallel, segregated instance of the Google cloud to run Google Apps (Gmail, Calendar, Docs, Sites, Talk, etc.) with the key results being:
a. data physically and logically segregated from Google's standard cloud;
b. data encrypted at rest and unreadable; and
c. data lives exclusively in the ,continentaIU.S. and only accessible by U.S. citizens with appropriate background checks / clearance.
3. Data at Rest (stored within Google Systems): is secured with the following:
a. The data is parsed into many pieces and 'each is stored on various servers. This means that if a single or bank of servers is stolen or compromised (which has never happened), the data is secure as it is encrypted pieces of a whole that they won't have a key to recreate.
b. Administrators within Google who manage the hardware only manage a small portion of the data center and do not have access to all servers or any data encryption keys. They are not able to see or recompile the data into readable files.
c. Super Administrators within Google who manage customer service and respond to City issues and help requests do have the tools and keys to recompile and see the data in a readable form.
4. Within the contract, CSC/Google have agreed that our data belongs to the City of Los Angeles and we have the right to protect it from disclosure. CSC/Google will notify the City of any request of data or security breach, so that the City can take actions that the City deems appropriate.